Merge pull request #229308 from Eitan-Shteinberg/patch-2

prmerger-automator[bot] · web-flow · commit ff679f0426f1 · 2023-03-07T15:34:31.000Z
Update storage-files-planning.md
diff --git a/articles/storage/files/storage-files-planning.md b/articles/storage/files/storage-files-planning.md
@@ -134,12 +134,17 @@ You can back up your Azure file share via [share snapshots](./storage-snapshots-
 
 You can perform both item-level and share-level restores in the Azure portal using Azure Backup. All you need to do is choose the restore point (a particular snapshot), the particular file or directory if relevant, and then the location (original or alternate) you wish you restore to. The backup service handles copying the snapshot data over and shows your restore progress in the portal.
 
-For more information about backup, see [About Azure file share backup](../../backup/azure-file-share-backup-overview.md?toc=/azure/storage/files/toc.json).
-
 ### Protect Azure Files with Microsoft Defender for Storage
-Microsoft Defender for Storage provides an additional layer of security intelligence that generates alerts when it detects anomalous activity on your storage account, for example unusual access attempts. It also runs malware hash reputation analysis and will alert on known malware. You can configure Microsoft Defender for Storage at the subscription or storage account level via Microsoft Defender for Cloud.
+Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects potential threats to your storage accounts. It provides comprehensive security by analyzing the data plane and control plane telemetry generated by Azure Files. It uses advanced threat detection capabilities powered by [Microsoft Threat Intelligence](https://go.microsoft.com/fwlink/?linkid=2128684) to provide contextual security alerts, including steps to mitigate the detected threats and prevent future attacks.
+
+Defender for Storage continuously analyzes the telemetry stream generated by Azure Files. When potentially malicious activities are detected, security alerts are generated. These alerts are displayed in Microsoft Defender for Cloud, along with the details of the suspicious activity, investigation steps, remediation actions, and security recommendations.
+
+Defender for Storage detects known malware, such as ransomware, viruses, spyware, and other malware uploaded to a storage account based on full file hash (only supported for REST API). This helps prevent malware from entering the organization and spreading to more users and resources. See also the [Limitations of hash reputation analysis](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-introduction#limitations-of-hash-reputation-analysis).
+
+
+Defender for Storage doesn't access the storage account data and doesn't impact its performance. You can [enable Microsoft Defender for Storage](https://learn.microsoft.com/azure/storage/common/azure-defender-storage-configure) at the subscription level (recommended) or the resource level.
+
 
-For more information, see [Introduction to Microsoft Defender for Storage](../../defender-for-cloud/defender-for-storage-introduction.md).
 
 ## Storage tiers
 [!INCLUDE [storage-files-tiers-overview](../../../includes/storage-files-tiers-overview.md)]
